HTSv5 is getting closer and closer every day and our developers are working fervently on its release. However, it has recently been expressed by many of you that the current hacking challenges are growing out of date, and are in need of revision. Unfortunately, this has been a well known fact for some time now. New missions are being designed to be released with HTSv5. We also realize there is a lot of untapped talent out there in our community. We want to encourage you to assist us in providing the latest exploits and hacking techniques available. We are now officially opening up user submitted challenges!

How to submit:

Challenge submissions should be sent to our developers at staff (at) hackthissite.org, and titled “Mission Submission”. Be sure to include your HTS user name when you submit. Recognition will be given to those whose challenges are accepted and hosted on HTS. Challenges are not limited to current mission categories. If you wish to provide something entirely new, please do!

(Edit by Kage) Please do note that when v5 is deployed, this method will change. We will be incorporating what are currently called "Remote Missions," where users host their own missions utilizing an API we'll provide. These missions count for no points and are purely for users to attempt making their own missions and letting the community try them out. When v5 deploys, this will be the only way user-submitted missions can make it into the official roster. One of two things must happen:

The mission must pass a certain ratings threshold (eg. 3.5/5 average rating from at least 100 members, but the numbers aren't worked out yet)

If the mission gains serious staff attention and gets hand-chosen (please don't lobby us for this, it'll make us hate you )

If either of these things happen, and the mission meets staff approval, it'll eventually get placed into Dev, tested in Staging, and--if it passes all tests--merged into Production.

Requirements: Your submission should include the following

- Summary of the learning intent for the challenge.- Full explanation of the challenge by design AND how to complete it.- Any additional files for the challenge. (picture if stego, source code if web, etc. etc.) ___*note: We will not accept executables! Send us what we need and we will compile it ourselves.*- Compress your work before you submit. (.zip/.rar/.tar.gz/.7z)

You will be notified if your challenge was approved, denied, or modified.

Don’t know how to design a challenge but want to see one covering something specific? Leave your suggestions here! Who knows, either we will design one, or another HTS user will assist and create it.

"The quieter you become, the more you are able to hear...""Drink all the booze, hack all the things."

Anyway, I am wondering, how do you account for server environment on a sub mission if we were to create one? For example my javascript login mission requires that .htaccess and robots.txt preclude users or search engines from potentially indexing pages that would circumvent the entire mission's concept.

Another conceptual mission that I never completed because of server environment (I would have had to remove mod_security on my own hosting, or create some kind of pseudo hosting just for the mission) actually relies on exploitation of a certain server environment with a major flaw... the trick of the mission is actually knowing the existence of flaw and recognizing that the site your own is on it.